Recently, CISA (Cybersecurity and Infrastructure Security Agency), a U.S. cybersecurity agency, and the Federal Bureau of Investigation (FBI) published a list of the top 20 most exploited software vulnerabilities across the last 6 years, between 2016 and 2021.
The agencies urge businesses in the private and public sectors to apply available updates to their networks and to implement centralized patch management systems to prevent cyberattacks.
List of the most exploited software vulnerabilities
The list below identifies the malware associated with exploiting each CVE (Common Vulnerabilities and Exposures) entry. Included are the vulnerable products, CVE numbers, and mitigation strategies.
- CVE-2012-0158
Vulnerable products: Microsoft Office 2003 SP3, 2007 SP2, and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0
Associated malware: Dridex
Mitigation: Update affected Microsoft products with the latest security patches
- CVE-2015-1641
Vulnerable products: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1
Associated malware: Toshliph, UWarrior
Mitigation: Update affected Microsoft products with the latest security patches
- CVE-2017-11882
Vulnerable products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Products
Associated malware: Loki, FormBook, Pony/FAREIT
Mitigation: Update affected Microsoft products with the latest security patches
- CVE-2017-0199
Vulnerable products: Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016, Vista SP2, Server 2008 SP2, Windows 7 SP1, Windows 8.1
Associated malware: FINSPY, LATENTBOT, Dridex
Mitigation: Update affected Microsoft products with the latest security patches
- CVE-2017-5638
Vulnerable products: Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1
Associated malware: JexBoss
Mitigation: Upgrade to Struts 2.3.32 or Struts 2.5.10.1
- CVE-2017-0143
Vulnerable products: Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607; and Windows Server 2016
Associated malware: Multiple using the EternalSynergy and EternalBlue Exploit Kit
Mitigation: Update affected Microsoft products with the latest security patches
- CVE-2017-8759
Vulnerable products: Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7
Associated malware: FINSPY, FinFisher, WingBird
Mitigation: Update affected Microsoft products with the latest security patches
- CVE-2018-4878
Vulnerable products: Adobe Flash Player before 28.0.0.161
Associated malware: DOGCALL
Mitigation: Update Adobe Flash Player installation to the latest version
- CVE-2018-7600
Vulnerable products: Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1
Associated malware: Kitty
Mitigation: Upgrade to the most recent version of Drupal 7 or 8 core
- CVE-2019-0406
Vulnerable products: Microsoft SharePoint
Associated malware: China Chopper
Mitigation: Update affected Microsoft products with the latest security patches
- CVE-2019-11510
Vulnerable products: Pulse Connect Secure 9.0R1 – 9.0R3.3, 8.3R1 – 8.3R7, 8.2R1 – 8.2R12, 8.1R1 – 8.1R15 and Pulse Policy Secure 9.0R1 – 9.0R3.1, 5.4R1 – 5.4R7, 5.3R1 – 5.3R12, 5.2R1 – 5.2R12, 5.1R1 – 5.1R15
Mitigation: Update affected Pulse Secure devices with the latest security patches
- CVE-2019-19781
Vulnerable products: Citrix Application Delivery Controller, Citrix Gateway, and Citrix SDWAN WANOP
Mitigation: Update affected Citrix devices with the latest security patches
- CVE-2020-5902
Vulnerable products: BIG-IP (LTM, AAM, Advanced WAF, AFM, Analytics, APM, ASM, DDHD, DNS, FPS, GTM, Link Controller, PEM, SSLO, CGNAT) 15.1.0, 15.0.0-15.0.1, 14.1.0-14.1.2, 13.1.0-13.1.3, 12.1.0-12.1.5, and 11.6.1-11.6.5
Mitigation: Upgrade to available secure versions
- CVE-2020-15505
Vulnerable products: MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0, and 10.6.0.0; Sentry versions 9.7.2 and earlier and 9.8.0; and Monitor and Reporting Database (RDB) version 2.0.0.1
Mitigation: Download and install a fixed version of the software
- CVE-2020-0688
Vulnerable products: Microsoft Exchange Server 2019 Cumulative Update 3 and 4, 2016 Cumulative Update 14 and 15, 2013 Cumulative Update 23, and 2010 Service Pack 3 Update Rollup 30
Mitigation: Download and install a fixed version of the software
- CVE-2020-1472
Vulnerable products: All versions of Windows Server 2019; all versions of Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; and Windows Server versions 1909/1903/1809
Mitigation: Apply the security updates as recommended in the Microsoft Netlogon security advisory
- CVE-2021-27101
Vulnerable products: FTA 9_12_370 and earlier
Mitigation: Update Accellion FTA to version FTA_9_12_432 or later
- CVE-2021-27102
Vulnerable products: FTA versions 9_12_411 and earlier
Mitigation: Update Accellion FTA to version FTA_9_12_432 or later
- Oversights in Microsoft O365 security configurations
Vulnerable products: Microsoft O365
Mitigation: Follow Microsoft O365 security recommendations
- Organizational cybersecurity weaknesses
Vulnerable products: Systems, networks, and data
Mitigation: Follow cybersecurity best practices
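As an added example (not code from the original article or from CISA), the script below encodes three of the affected-version ranges quoted in the list above (Apache Struts 2 for CVE-2017-5638, Drupal for CVE-2018-7600, Adobe Flash Player for CVE-2018-4878) and flags inventory entries that still fall inside an affected range, the kind of check a centralized patch-management process automates. The inventory entries are constructed sample data.

```python
"""Flag installed versions that fall inside the affected ranges quoted in the list."""
import re
from typing import List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """'2.5.10.1' -> (2, 5, 10, 1); non-numeric parts are ignored."""
    parts = re.findall(r"\d+", s)
    if not parts:
        raise ValueError(f"no numeric version in {s!r}")
    return tuple(int(p) for p in parts)


# Affected ranges as stated on the page: (branch prefix, first fixed version).
# An empty branch means "every version before the fixed one".
AFFECTED = {
    "CVE-2017-5638": [("2.3", "2.3.32"), ("2.5", "2.5.10.1")],                       # Apache Struts 2
    "CVE-2018-7600": [("7", "7.58"), ("8", "8.3.9"), ("8.4", "8.4.6"), ("8.5", "8.5.1")],  # Drupal
    "CVE-2018-4878": [("", "28.0.0.161")],                                           # Adobe Flash Player
}


def is_affected(cve: str, installed: str) -> bool:
    """True if `installed` sits on an affected branch and is older than the fix."""
    v = parse_version(installed)
    for branch, fixed in AFFECTED[cve]:
        b = parse_version(branch) if branch else ()
        # Tuple comparison keeps 2.5.10 < 2.5.10.1 and avoids string-prefix mistakes (2.3 vs 2.30).
        if v[: len(b)] == b and v < parse_version(fixed):
            return True
    return False


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str]]:
    """Return the (host, cve, version) entries that still need patching."""
    return [(h, c, ver) for h, c, ver in inventory if is_affected(c, ver)]


# Constructed sample inventory: (host, CVE to check, installed version). Not real data.
SAMPLE_INVENTORY = [
    ("web-01", "CVE-2017-5638", "2.5.10"),
    ("web-02", "CVE-2017-5638", "2.5.10.1"),
    ("cms-01", "CVE-2018-7600", "8.4.5"),
    ("cms-02", "CVE-2018-7600", "8.6.0"),
    ("kiosk-01", "CVE-2018-4878", "28.0.0.137"),
]

if __name__ == "__main__":
    for host, cve, ver in triage(SAMPLE_INVENTORY):
        print(f"{host}: {cve} affected (installed {ver})")
```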
What about unknown software vulnerabilities?
Vulnerabilities that have not been publicly disclosed (exploitable through 0-day exploits) also pose a threat to business networks.
While penetration testing can unearth unknown vulnerabilities, some cybersecurity agencies observe that known attack techniques with known mitigations still pose a bigger threat to companies than 0-day exploits do.
Although you cannot always prevent the exploitation of unknown vulnerabilities on your network, you can take action against known ones.
How to protect your network against software hacks
Vulnerability management can be difficult because it requires making decisions that account for business objectives, data and asset classification, risk, and more. However, Cisco Integrated Services Router can help you identify, prioritize and mitigate existing vulnerabilities so that you enhance the security of your most important assets.
Sources
- Top Routinely Exploited Vulnerabilities – CISA, August 20, 2021
- Top 10 Routinely Exploited Vulnerabilities – CISA, May 12, 2020
- DHS CISA and FBI share list of top 10 most exploited vulnerabilities by Catalin Cimpanu, May 12, 2020, ZDNet
- Top 10 most exploited vulnerabilities list released by FBI, DHS CISA by Lisa Vaas, May 15, 2020, Naked Security
- Top 10 Cybersecurity Vulnerabilities of 2020 by Camille Singleton, March 10, 2021, Security Intelligence